Passcode Lock
Available for: iPhone 4 and later
Impact: A person with physical access to the device may be able to make calls to any number
Description: A NULL dereference existed in the lock screen which would cause it to restart if the emergency call button was tapped repeatedly. While the lock screen was restarting, the call dialer could not get the lock screen state and assumed the device was unlocked, and so allowed non-emergency numbers to be dialed. This issue was addressed by avoiding the NULL dereference.
CVE-ID
CVE-2013-5160 : Karam Daoud of PART – Marketing & Business Development, Andrew Chung, Mariusz Rysz

Passcode Lock
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to see recently used apps, see, edit, and share photos
Description: The list of apps you opened could be accessed during some transitions while the device was locked, and the Camera app could be opened while the device was locked.
CVE-ID
CVE-2013-5161 : videosdebarraquito

This update is available through iTunes and Software Update on your iOS device.

Apple have released updates to their OS X Server. Some of the updates for the applications below fix issues which may lead to arbitrary code execution, so it’s important to update as soon as possible through Software Update.

ClamAV
PostgreSQL
Wiki Server

As to our own security posts, Apple have released iOS7, Microsoft have a fix available for the Internet Explorer vulnerability and Mozilla have updated their products to fix memory issues, and it’s suggested to update as soon as possible.

Apple have released the latest version of their iOS, version 7. This release contains a lot of features, but a lot of security vulnerabilities have also been fixed which means it’s important to update your iOS device as soon as possible.

If you, like me, manage many servers, it’s essential to name network adapters in a way that makes it easy to troubleshoot issues when they arise.

In complex networks with thousands of servers, and all servers connected using multiple paths, a consistent naming standard is very important!

PowerShell and the cmdlets available in Windows Server make naming adapters a breeze. The servers we usually deploy have built-in four (4) port network adapters. We like to name the Windows NICs the same as the default in Linux: eth0, eth1, etc.

In the following example we name the adapters eth0, eth1, eth2 and eth3 in Windows. The NIC with the lowest MAC address gets the name eth0 etc. (If you prefer to start naming adapters from eth1, change the variable $NICs to 0):
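An added example of the approach described above, not the original script from this post: it renames the physical adapters in MAC-address order and uses two passes so that a name left over from an earlier run cannot collide with a new one. It assumes Windows Server 2012 or later (NetAdapter module) and an elevated session; `$Prefix` and `$StartIndex` are names chosen for this example and are not the post's `$NICs` variable.

```powershell
# Added example. Assumes Windows Server 2012 or later and an elevated session.
# $Prefix and $StartIndex are illustrative names chosen for this example.
$Prefix     = 'eth'
$StartIndex = 0        # set to 1 to start numbering at eth1

# Physical adapters only, lowest MAC address first. MacAddress is a fixed-width
# hex string with dashes, so a plain string sort orders it correctly.
$adapters = @(Get-NetAdapter -Physical | Sort-Object -Property MacAddress)
if ($adapters.Count -eq 0) { throw 'No physical network adapters found.' }

# Pass 1: park every adapter on a unique temporary name. Without this, renaming
# to eth1 fails when another adapter already holds that name from an earlier run.
# Adapters are looked up by interface index because the Name changes on rename.
foreach ($a in $adapters) {
    Get-NetAdapter -InterfaceIndex $a.ifIndex |
        Rename-NetAdapter -NewName ('nic-tmp-{0}' -f $a.ifIndex)
}

# Pass 2: assign the final names in MAC order.
$n = $StartIndex
foreach ($a in $adapters) {
    Get-NetAdapter -InterfaceIndex $a.ifIndex |
        Rename-NetAdapter -NewName ('{0}{1}' -f $Prefix, $n)
    $n++
}

# Show the result so the mapping can be checked against the cabling plan.
Get-NetAdapter -Physical | Sort-Object -Property MacAddress |
    Format-Table -Property Name, MacAddress, InterfaceDescription, Status -AutoSize
```

Firewall rules and scripts that reference an adapter by its old name need updating after the rename.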

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Is ransomware just another cry wolf, or something organizations should take seriously? Basefarm considers ransomware to be the number one IT threat today. The company’s best advice is to protect yourself before the threat affects you.

No empty threat

– Companies and other organizations have become accustomed to warnings of computer threats without being affected by them. Therefore, it is tempting to ignore the ransomware threat. You should not do that. In return, the remedies for ransomware also work preventively against many other threats, Fredrik Svantes, leader of Basefarm SIRT (Security Incident Response Team) says.

Basefarm supplies complex IT solutions for mission-critical software. The company’s reference list comprises large businesses, including public administration, transport companies and financial businesses. All depend on their IT systems running without interruptions. Being responsible for this, Basefarm follows the IT threat level closely. – We have seen attempted attacks. Slightly larger companies with a healthy economy are particularly vulnerable, Svantes confirms.

Loss of time and revenue

The attack stories keep coming. Here are two of them: A hospital in California was infiltrated. In order to access their own patient journals, they paid 20,000 dollars. In January last year, ransomware took over more than 20 million files at the Swedish National Agency for Education. The story of the National Agency for Education is the most typical of all. According to dn.se (Dagens Nyheter, the Daily News) an employee opened a file which ended up in the mailbox. Thus the person’s computer and the document server of the entire organization were infected. On the server were most of the documents that the employees had, including business decisions, reports and other support material. It took nearly a week to reset the server from a backup taken the day before.

– One week without access is a long time, and will entail delays and losses. Even if you are advised not to pay the ransom, many are tempted in order to regain access to their files. After all, not getting the files back could mean a total disaster. The tendency is for the size of the ransom to rise along with the willingness to pay, Svantes says.

Infected ads

The infection may also come from infected websites. Many who hear this intuitively think that this means someone has visited websites they should not have visited. However, ransomware is distributed through ad networks in ads that can be found at most completely normal websites, including online newspapers and blogs. In other words, if you want to distribute a virus you can buy ad space and for example upload a file with Flash animation. Users without updated Flash software/clients on their computers are exposed to risk of infection.

– The crooks earn money doing this, and therefore they have no problems paying for the ads.

Takes the TV and other “Internet things”

The problem with ransomware and other malware is going to grow due to the prevalence of the Internet of Things (IoT). These things are connected to the internet in one way or another. Many of them are cheap compared to, for example, a server or a PC. They may be secure when purchased, but the manufacturer or you may not be very interested in taking the costs of keeping them up to date. The first TVs have already been taken by discount ransomware. For a few hundred you can get the unit back up and running. The fact that life-critical, medical equipment may be open to this type of attack is even more serious.

8 tips on how to protect your business against ransomware

The good thing about methods of protecting yourself against ransomware is that they also work against other malware and other types of attack.

Tip 1: Ensure the organization has the right knowledge and culture

Considering that antivirus systems and firewalls are routinely updated and block regular mass attacks, the crooks are forced to find new, clever paths. A phenomenon that is rapidly spreading is that the attacks are directed towards individuals. By searching Facebook, LinkedIn or other social channels they find information about persons and their networks. Then they send e-mails to the victims, who feel safe on the basis of the personal character of the information. The consequence of this is that businesses must establish a culture with sufficient knowledge of this type of approach, and therefore be extra attentive towards what might happen. A vigilant mindset towards e-mail and memory sticks must be part of such a culture. Firstly, not all e-mails should be opened. Secondly, not all attachments should be opened. Thirdly, do not reply to everything. And do not insert any unknown memory stick into the computer!

Tip 2: Establish routines for handling attacks and ensure that everybody knows them

Someone takes the chance of opening an e-mail because they do not want to be a nuisance or expose their “stupidity”. Clearly not a good idea. People need to know who to contact, and that they will be met in a friendly and professional manner. If something occurs, the notification procedures must be crystal clear, the distribution of responsibility indisputable and the measures immediate. The organization must keep surveillance equipment and control this equipment, including making sure there are subscribers to security updates. Part of the contingency is practicing. Practice may be done at different levels: from within the IT department to the entire organization.

Tip 3: Have a backup and make sure it works

You have heard this advice before: backup. But if your backup is reasonably new, and you have restore processes that work, you will be relatively fine even if you are affected by ransomware. You cannot back up database-based systems (CRM, ERP, financial systems etc.) that are running. Such systems must therefore be set to back up their own data, and then you back up these backups. No backups are safe before you have tested that they can be used (restore). Cloud backups may be good, but remember that transferring large amounts of data can take quite some time. Block the backup server for all types of users except the backup software itself. This way you prevent the infection from destroying the backup.

Tip 4: Segment networks and rights

This entails ensuring that different employees have read or write access only to the specific areas of a server that they need. If they are affected by ransomware, this will only affect these areas. Furthermore, the user should not be allowed to install any software or run software as administrator. This way any infection will be limited to the areas that the user has access to, and cannot easily take over the entire computer.

Tip 5: Ensure that all software is up to date

This applies to both clients and servers. Flash and Java are two vulnerable systems where most of the infections occur today. Outdated software may have security holes that the crooks can force their way through.

Tip 6: Limit what programs the users can run

Most people currently run antivirus, but antiviruses can only stop known malware. Every day there are new variants that the antivirus cannot recognize, since the attackers change the malware and test it against common antiviruses right before they send it out.

Whitelisting is the opposite tactic: Instead of, or in addition to, maintaining a list of programs you do not want to run, you maintain a list of software you actually want. Ransomware is not on that list, and will therefore not be run. Whitelisting has proven difficult in practice, but is now becoming easier to use. It is the most efficient technique against ransomware.

Tip 7: Have an updated firewall

The firewall prevents outside users from accessing the local network. Classic firewalls block entrances. But some ports, such as port 80 (normally www/http) must usually be open, and a classic firewall will therefore not stop attacks via this port. More advanced firewalls therefore monitor content coming through the ports. In any case there are fewer risks connected to computer usage behind a firewall than in front of it.

Tip 8: Use intrusion detection systems (IDS)

IDS systems monitor the network traffic. If the system detects a computer that starts to send out large amounts of data or contacts servers it does not usually use, this is an early indication of infection that can be used for blocking the computer and protecting others.